Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Perfex Crm < 3.2.1, an authenticated attacker can send a crafted HTTP POST request to the affected upload_sales_file endpoint. By providing malicious input in the rel_id parameter, combined with improper input validation, the attacker can bypass restrictions and upload arbitrary files to directories of their choice, potentially leading to remote code execution or server compromise.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Perfex CRM 安全漏洞
Vulnerability Description
Perfex CRM是Perfex CRM开源的一款客户关系管理软件。用于在云中管理客户、项目和创建发票。 Perfex CRM存在安全漏洞,该漏洞源于通过向upload_sales_file端口发送特制请求并给rel_id参数提供恶意输入,可以绕过限制上传任意文件。
CVSS Information
N/A
Vulnerability Type
N/A